Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fkL5qpHFODs-cnVy67GVWRqHYM4.cer
File:                     fkL5qpHFODs-cnVy67GVWRqHYM4.cer (raw, json)
Hash identifier:          VHmy17QzHG9AO43T+8Bhj2aJR2gaO8gkbEf5rtxFpTQ=
Subject key identifier:   7E:42:F9:AA:91:C5:38:3B:3E:72:75:72:EB:B1:95:59:1A:87:60:CE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB2DF23173B94A8FB08713A9393C9B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/fkL5qpHFODs-cnVy67GVWRqHYM4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.201.48.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2d:f2:31:73:b9:4a:8f:b0:87:13:a9:39:3c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e42f9aa91c5383b3e727572ebb195591a8760ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:b1:f1:26:d1:e6:88:38:67:27:d9:32:61:
                    15:ec:fd:29:36:fc:40:07:3a:a6:ad:8c:71:b1:fd:
                    16:01:3a:f4:66:bb:84:f8:f9:f3:f6:f8:70:6a:45:
                    23:9a:dc:af:69:ca:10:ac:8f:bf:00:d2:7c:35:0a:
                    2d:6a:40:6c:d6:87:ad:0a:7d:54:37:0f:30:57:fa:
                    60:ce:24:de:9a:08:a2:f6:54:c7:fd:79:99:cf:74:
                    b4:43:9e:b6:3c:a6:8d:e1:eb:a5:e6:e1:cf:85:2b:
                    66:76:5c:23:0c:e8:fa:d1:5f:2d:2f:42:84:1a:ab:
                    17:12:7e:ad:ce:84:d5:fb:2a:ce:ac:0a:62:70:35:
                    f5:55:b6:16:08:f2:80:d1:30:83:d4:e6:17:65:33:
                    48:e3:2d:c4:96:ae:82:bd:3e:c0:1a:77:d3:59:19:
                    8a:cf:16:ee:24:22:cb:d8:49:53:6b:b2:5a:6f:d9:
                    61:90:23:f7:68:4b:0c:31:c2:13:ab:db:90:3e:c7:
                    6d:4e:13:45:04:c9:e5:a0:c8:74:7c:98:19:5e:5b:
                    f1:a5:5c:a6:4d:d4:dc:fe:7c:74:a8:80:66:3c:a0:
                    db:66:73:28:2c:6a:18:ee:48:0e:a0:9e:ee:9b:cf:
                    2e:40:a2:9f:fb:68:59:d9:d3:6d:01:73:6a:76:de:
                    72:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:42:F9:AA:91:C5:38:3B:3E:72:75:72:EB:B1:95:59:1A:87:60:CE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/fkL5qpHFODs-cnVy67GVWRqHYM4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:ca:a8:dd:dc:b6:28:1a:79:9e:63:3e:e0:99:2d:71:c7:2f:
         3e:f7:5c:a4:67:e5:58:35:10:18:df:b5:a7:0c:65:e4:27:c4:
         54:e7:a7:b4:82:ae:7a:ed:49:8a:8c:31:4b:e1:e7:a6:bf:97:
         6a:ac:8d:30:42:c3:53:a7:31:56:96:e7:b1:b4:37:b9:18:8f:
         29:04:0e:ba:9f:ab:ac:dc:e1:77:56:7d:40:4f:1d:47:a9:44:
         ce:1e:e1:5f:54:00:29:6d:94:96:d0:9d:db:58:c8:78:6a:c4:
         9d:d8:8d:45:c0:e2:2c:83:75:d9:62:2a:8b:d1:12:c8:bd:b1:
         4c:76:c4:3c:01:da:42:f1:bd:ac:41:e5:2a:99:9b:1f:47:ea:
         a5:1d:b4:bc:7b:11:67:97:d6:3e:01:51:44:19:ae:9a:a4:43:
         e0:a9:91:69:fa:ba:62:39:01:11:3c:4e:3d:91:5f:9e:d4:30:
         0d:c4:ed:98:91:9d:3d:01:d4:8e:74:05:7e:1c:2c:89:86:4d:
         dd:a5:03:99:35:71:fd:1a:f9:26:b4:30:2e:5d:65:97:f3:36:
         c1:82:a4:bb:19:a3:ab:34:1e:cb:94:90:73:6c:2d:eb:75:bf:
         2c:66:6e:01:e4:d4:df:c0:2c:fe:d9:ab:1b:a1:14:e9:4f:ae:
         41:68:77:a0
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzC2y3yMXO5So+whxOpOTybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQyZjlhYTkxYzUzODNiM2U3Mjc1NzJlYmIxOTU1OTFhODc2MGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspGx8SbR5og4ZyfZMmEV7P0pNvxA
BzqmrYxxsf0WATr0ZruE+Pnz9vhwakUjmtyvacoQrI+/ANJ8NQotakBs1oetCn1U
Nw8wV/pgziTemgii9lTH/XmZz3S0Q562PKaN4eul5uHPhStmdlwjDOj60V8tL0KE
GqsXEn6tzoTV+yrOrApicDX1VbYWCPKA0TCD1OYXZTNI4y3Elq6CvT7AGnfTWRmK
zxbuJCLL2ElTa7Jab9lhkCP3aEsMMcITq9uQPsdtThNFBMnloMh0fJgZXlvxpVym
TdTc/nx0qIBmPKDbZnMoLGoY7kgOoJ7um88uQKKf+2hZ2dNtAXNqdt5yrwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH5C+aqRxTg7PnJ1cuuxlVkah2DOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwLzgxZDhk
ZC00Y2QzLTQzNzgtYjA2Ny03Y2Q0NzI4NjRiZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvODFkOGRk
LTRjZDMtNDM3OC1iMDY3LTdjZDQ3Mjg2NGJmOC8xL2ZrTDVxcEhGT0RzLWNuVnk2
N0dWV1JxSFlNNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwckwMA0GCSqGSIb3DQEBCwUAA4IBAQCHyqjd
3LYoGnmeYz7gmS1xxy8+91ykZ+VYNRAY37WnDGXkJ8RU56e0gq567UmKjDFL4eem
v5dqrI0wQsNTpzFWluextDe5GI8pBA66n6us3OF3Vn1ATx1HqUTOHuFfVAApbZSW
0J3bWMh4asSd2I1FwOIsg3XZYiqL0RLIvbFMdsQ8AdpC8b2sQeUqmZsfR+qlHbS8
exFnl9Y+AVFEGa6apEPgqZFp+rpiOQERPE49kV+e1DANxO2YkZ09AdSOdAV+HCyJ
hk3dpQOZNXH9GvkmtDAuXWWX8zbBgqS7GaOrNB7LlJBzbC3rdb8sZm4B5NTfwCz+
2asboRTpT65BaHeg
-----END CERTIFICATE-----